yes, it seems the coder was preventing the very thing I mentioned in my last post on this thread.
-G

---------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list <talk@webdna.us>.
To unsubscribe, E-mail to: <talk-leave@webdna.us>
archives: http://mail.webdna.us/list/talk@webdna.us
Bug Reporting: support@webdna.us

On 2013-09-11, at 7:54 PM, Steve Graham <skgrahamjr@gmail.com> wrote:

This is noHack.db:
contextName
!
addfields
addlineitem
append
appendfile
applescript
arrayget
arrayset
authenticate
boldwords
browsername
calcfilecrc32
capitalize
case
clearlineitems
closedatabase
command
commitdatabase
convertchars
convertwords
copyfile
copyfolder
countchars
countwords
createfolder
date
ddeconnect
ddesend
decrypt
delete
deletefile
deletefolder
dos
elapsedtime
else
encrypt
exclusivelock
filecompare
fileinfo
findstring
flushcache
flushdatabases
format
format
formvariables
founditems
freememory
function
getchars
getcookie
getmimeheader
grep
hideif
html1
html2
html3
httpmethod
if
include
input
interpretipaddress
issecureclient
lastautonumner
lastrandom
lineitems
listchars
listcookies
listdatabases
listfields
listfiles
listmimeheaders
listpath
listvariables
listwords
lookup
lookup
loop
lowercase
math
middle
movefile
object
orderfilepassword
platform
product
protect
purchase
random
raw
redirect
referrer
removehtml
removelineitem
replace
replacefounditems
return
returnraw
scope
search
sendmail
setcookie
setheader
setlineitem
setmimeheader
shell
showif
shownext
spawn
sql
sql
sqlconnect
sqldisconnect
sqlexecute
sqlinfo
sqlrelease
sqlresult
switch
table
tcpconnect
tcpsend
text
then
thisurl
time
unurl
uppercase
url
username
validcard
version
version
waitforfile
writefile
xmlnode
xmlnodes
xmlnodesattributes
xmlparse
xsl
xslt

On Wed, Sep 11, 2013 at 6:42 PM, Donovan Brooke <dbrooke@webdna.us> wrote:

Steve,
It appears the original coder was trying to stop anyone from trying a context in the URL... however, I'm not sure why that would be desired. We don't know the contents of "noHack.db" so we can't tell you exactly what the coder was trying to protect the site from.

Donovan

--- Original message ---
Subject: [WebDNA] Stop hacking
From: Steve Graham <skgrahamjr@gmail.com>
To: <talk@webdna.us>
Date: Wednesday, 11/09/2013 3:53 PM

I found this code in a webdna site I am fixing. Someone please say if this is necessary or recommended to stop hackers in v7.x or v6.2.1:
[formvariables]
[search db=noHack.db&eqcontextNamedatarq=[url][name][/url]]
[founditems]
[redirect /]
[/founditems]
[/search]
[/formvariables]
[!] include this file at the top of every page to block hacking when a context name appears as a formvariable name [/!]
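The check the posted include file describes (redirect to "/" when a submitted form variable name equals a context name from noHack.db), re-expressed in Python as an added example; it is not code from the thread or from WebDNA. The function names, the case-insensitive comparison and the sample requests are assumptions, and the denylist is only an excerpt of the list posted above.

```python
from urllib.parse import parse_qsl

# Excerpt of the context names listed in noHack.db in the thread above.
NOHACK_EXCERPT = {"include", "shell", "sql", "writefile", "deletefile", "redirect"}


def flagged_names(query_string, body="", denylist=NOHACK_EXCERPT):
    """Return submitted parameter NAMES that equal a denylisted context name.

    Only names are inspected, as in the posted snippet, which searches on
    [name] and never on the value.
    """
    hits = []
    for source in (query_string, body):
        # parse_qsl percent-decodes names, so "%53hell" is seen as "Shell".
        # keep_blank_values keeps parameters sent with an empty value.
        for name, _value in parse_qsl(source, keep_blank_values=True):
            # Assumption: compare case-insensitively, ignoring stray whitespace.
            if name.strip().lower() in denylist:
                hits.append(name)
    return hits


def handle(query_string, body=""):
    """Mirror the include file: any hit sends the client to "/"."""
    hits = flagged_names(query_string, body)
    if hits:
        return 302, "/", hits
    return 200, None, hits


if __name__ == "__main__":
    # Constructed sample requests (query string, POST body).
    for qs, body in [("sku=42&page=2", ""),
                     ("id=7&%53hell=x", ""),
                     ("q=shell", ""),
                     ("", "include=&x=1")]:
        print(repr(qs), repr(body), "->", handle(qs, body))
```

A request whose value is a context name (`q=shell`) passes, because the check matches parameter names only.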